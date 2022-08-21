A new type of virtual scam has quickly become popular and has drawn the attention of users and authorities. Known as “Phantom Hand”, the fraud gets to be cruel, allowing the victim to see their bank account being emptied in real time. The popularization of this type of crime, which involves the installation of fake applications, has made banks need to warn their customers.

The fraud is quite sophisticated, in which the fraudster installs a remote access application on the victim’s smartphone. The installation takes place after phishing campaigns, in which bank account holders are convinced to perform a fake update of their bank’s applications, or to install fake additional plugins, which will serve to increase the security of these applications.

Fraudsters are quite convincing

Another tactic involves so-called vishing, or voice phishing, in which criminals simulate a fake switchboard, pretend to work at the banks where victims have an account, and warn of a transaction that never took place. After that, they send a link to install this same application, under the same pretext, that it would be an additional protection for the bank account.

The phantom hand scam is effective when the victim is convinced that the contact via email, SMS or phone was actually made by the bank and installs the fake application on their smartphone. For this, the contact is very realistic, with simulations that even involve the ambient sound of a call center and even the transfer of the call to other people, who would be from other sectors, to increase the credibility of the fraud.

These rogue apps allow criminals to view victims’ smartphones in real time, and even manage some screens and apps remotely. In general, victims notice strange behavior on the devices, with some apps opening on their own. This access opens the possibility of transfers of values, payment of false slips and even loan requests.

Banks are on alert

Banco do Brasil prepared a preventive material to alert its customers about the phantom hand scam. (Image: Marcelo Camargo/Agência Brasil)

The popularization of the ghost hand scam led Banco do Brasil to prepare special material, with a series of guidelines, regarding this type of fraud. The institution reinforced that it does not request the installation of any application other than the bank’s official app. In addition, it doesn’t have the practice of sending links to its customers, and all the bank’s apps must be found in the official Android and iPhone stores.

The Brazilian Federation of Whites (Febraban), in turn, issued a statement informing that the official apps of the banks are, by themselves, quite safe. According to the entity, there is no record of security breaches recorded in these apps, and it is not necessary to install any additional applications to increase the security of these software.

how to protect yourself

In order to avoid falling for the “Phantom Hand” scam, it is important to keep in mind that banks never contact you requesting the installation of applications or send links to their customers without their having asked. If in doubt, contact your bank yourself using the phone number on the back of your card or go to your branch for clarification.

Whenever you receive calls, avoid being carried away by emotion, scammers put a sense of urgency so that the victim will be worried and do whatever he wants. Today, the applications of the main banks allow them to be monitored in real time, if the scammer cites a false transaction, check in the app if that attempt was actually made.

Even if the transaction has not been approved, the user will be able to see in the application that the attempt was made if it is a real transaction. If when opening the app, nothing appears, it is a sign that this could be a scam. Also, never install apps with links received by SMS, email or WhatsApp, everything your bank needs you to have will be found in the official Android and Apple stores.

Always use two-factor authentication for transaction authorization. In general, in addition to the password, you will also be asked for some biometric data, such as your face or fingerprint. And if you have already been a victim of the “Phantom Hand” scam or any other financial fraud, look for a police station, if possible, specializing in digital crimes, and file a report.

Source: Jornal Extra